Sponsored Ads

The Web Security Mailing List

"Mozilla has been using an open-source application security testing
tool, known as a fuzzer, for JavaScript to detect and fix dozens of
security bugs in Firefox, Mozilla director of ecosystem development
Window Snyder said Thursday at the Black Hat USA 2007 conference in Las
Vegas. The JavaScript fuzzer found 280 bugs in Firefox, 27 of which
were exploitable.

Now Mozilla is making that JavaScript fuzzer available to
anyone who wants to use it, and it'll be followed later this year by
fuzzers for the HTTP and FTP protocols.

Mozilla worked with Microsoft, Apple, and Opera before making
the JavaScript fuzzer widely available in order to reduce the
possibility that the tool might be used to expose vulnerabilities in
those browsers. All of these browser vendors reviewed the tool and let
told Mozilla know that they were okay with the release, Snyder said. "

Having written/played with http response fuzzing I gotta say, there is still a lot of bugs out there :)